Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
libcares2
CVE-2017-1000381.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-1000381.patch of Package libcares2
From e1f43d4d7e89ef8db479d6efd0389c6b6ee1d116 Mon Sep 17 00:00:00 2001 From: David Drysdale <drysdale@google.com> Date: Mon, 22 May 2017 10:54:10 +0100 Subject: [PATCH 5/5] ares_parse_naptr_reply: check sufficient data Check that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. --- ares_parse_naptr_reply.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Index: c-ares-1.9.1/ares_parse_naptr_reply.c =================================================================== --- c-ares-1.9.1.orig/ares_parse_naptr_reply.c +++ c-ares-1.9.1/ares_parse_naptr_reply.c @@ -158,6 +158,12 @@ ares_parse_naptr_reply (const unsigned c if (status != ARES_SUCCESS) break; } + /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */ + if (rr_len < 7) + { + status = ARES_EBADRESP; + break; + } /* Don't lose memory in the next iteration */ free (rr_name); @@ -185,4 +191,3 @@ ares_parse_naptr_reply (const unsigned c return ARES_SUCCESS; } -
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
